-
Vulnerability Information (24251)

source: http://www.securityfocus.com/bid/10657/info
Symantec Brightmail anti-spam is reported prone to an unauthorized message disclosure vulnerability.
This issue exists in the Brightmail anti-spam control center. Due to improper access validation, a remote attacker can read users' filtered email.
Symantec Brightmail anti-spam 6.0 is reported prone to this issue; other versions may be affected as well.
/brightmail/quarantine/viewMsgDetails.do?id=QMsgView-[some-value]

-
Vulnerability Description

Symantec Brightmail Spamfilter contains a flaw that may lead to unauthorized information disclosure. The issue is triggered when an attacker alters the id parameter, which may disclose mail information and result in a loss of confidentiality.
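One way to audit for this flaw from the defender's side, as an added example that is not part of the original advisory or of Symantec's code: list quarantine message ids that were opened by more than one viewer. It assumes web access logs in Common Log Format with the authenticated user in the third field, and that each id belongs to a single user's quarantine; the log lines and id values are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Path taken from the advisory; everything else below is an assumption.
VIEW_PATH = "/brightmail/quarantine/viewMsgDetails.do"

# Common Log Format: host ident authuser [time] "METHOD target PROTO" status size
CLF = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*" (\d{3}) ')

# Constructed sample log lines (not real traffic; id values are placeholders).
SAMPLE_LOG = """\
192.0.2.10 - alice [05/Jul/2004:10:00:01 +0000] "GET /brightmail/quarantine/viewMsgDetails.do?id=QMsgView-1001 HTTP/1.1" 200 5120
192.0.2.10 - alice [05/Jul/2004:10:00:09 +0000] "GET /brightmail/quarantine/viewMsgDetails.do?id=QMsgView-1002 HTTP/1.1" 200 4875
192.0.2.44 - bob [05/Jul/2004:10:02:30 +0000] "GET /brightmail/quarantine/viewMsgDetails.do?id=QMsgView-2001 HTTP/1.1" 200 3310
192.0.2.44 - bob [05/Jul/2004:10:02:41 +0000] "GET /brightmail/quarantine/viewMsgDetails.do?id=QMsgView-1001 HTTP/1.1" 200 5120
192.0.2.44 - bob [05/Jul/2004:10:02:52 +0000] "GET /brightmail/quarantine/viewMsgDetails.do?id=QMsgView-9999 HTTP/1.1" 404 512
203.0.113.7 - - [05/Jul/2004:10:05:00 +0000] "GET /brightmail/quarantine/viewMsgDetails.do?id=QMsgView-1002 HTTP/1.1" 200 4875
192.0.2.10 - alice [05/Jul/2004:10:06:00 +0000] "GET /favicon.ico HTTP/1.1" 200 900
"""

def message_views(log_text):
    """Yield (viewer, message_id) for each successful message-detail view."""
    for line in log_text.splitlines():
        m = CLF.match(line)
        if not m:
            continue
        host, user, target, status = m.groups()
        url = urlsplit(target)
        ids = parse_qs(url.query).get("id")
        if url.path != VIEW_PATH or status != "200" or not ids:
            continue
        # Unauthenticated requests ("-") are keyed by source address.
        viewer = user if user != "-" else f"anon@{host}"
        yield viewer, ids[0]

def shared_ids(log_text):
    """Return {message_id: sorted viewers} for ids opened by more than one viewer."""
    viewers = defaultdict(set)
    for viewer, msg_id in message_views(log_text):
        viewers[msg_id].add(viewer)
    return {i: sorted(v) for i, v in viewers.items() if len(v) > 1}

if __name__ == "__main__":
    for msg_id, who in sorted(shared_ids(SAMPLE_LOG).items()):
        print(f"{msg_id}: viewed by {', '.join(who)}")
```

Any id reported here warrants a check of which viewer actually owns the quarantined message; a successful view with no authenticated user is a finding on its own.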

-
Timeline

Disclosure Date:
2004-07-05

Discovery Date:
2004-07-01

Exploit Date: 2004-07-05

Resolution Date: Unknown

-
Solution

Upgrade to version 6.0.0.121 or higher, as it has been reported to fix this vulnerability. Additionally, Symantec has released a patch to address this vulnerability.

-
Affected Program Versions

-
Exploit

No exploit is required.

The following proof of concept is available: /brightmail/quarantine/viewMsgDetails.do?id=QMsgView-[some-value]

-
Solution

Symantec has acknowledged the presence of this issue in Brightmail Anti-Spam 6.0. A fix is available for authorized customers through the support download site. To obtain the fix, please see the support download page in Web references below.